Tor was seriously compromised during the Summer of 2014 by unknown assailants, but now the Tor Project has revealed that it thinks it has determined the culprit: the FBI. According to the Tor Project, the FBI paid researchers from Carnegie Mellon University $1 million to crack Tor’s encryption.

“On July 4 2014 we found a group of relays that we assume were trying to deanonymize users,” the Tor Project wrote on its blog at the time. “They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.”

In a follow-up post yesterday (11th November), the team writes, “The Tor Project has learned more about last year’s attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes.”

“There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon’s Institutional Review Board,” the post adds. “We think it’s unlikely they could have gotten a valid warrant for CMU’s attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.”

The Tor Project brands the alleged actions of the FBI as an attack on “civil liberties” and “a violation of our trust and basic guidelines for ethical research.”